
Slackware-13.37-Hacks-Encrypted Netbook

Posted 03-02-2012 at 12:42 PM by arniekat


Item List:
1. A 1GB USB Flash Disk (Lilo Boot Disk)
2. A 4GB USB Flash Disk (Slackware 13.37 USB Installer)
3. A USB External Hard Drive at least 16GB (Windows 7 Recovery Image)

This tutorial will keep the Windows 7 Install and have Slackware 13.37 installed alongside Windows. You will boot Slackware with a 1GB Lilo Boot Disk. If the Boot Disk is not inserted, the machine will boot straight to Windows without anyone being the wiser. Also, the swap space and the /home directory on the Slackware installation will be encrypted with LUKS.


When you first boot up the Asus and start Windows 7 Starter, you will probably want to back up the Windows 7 Install, since there is no way that I am aware of to recover Windows in the future if you need it. You will need something like an external USB Drive or a very large flash drive to store the Windows 7 Recovery Image. The Backup Image Utility is located at:

Control Panel > System and Security > Backup and Restore

Disk Drive Partition Setup 232.89GB (250GB)

The Asus is partitioned in the following manner (as viewed with cfdisk):

100.00GB NTFS Primary Partition sda1
15.00GB VFAT Primary Partition sda2
118.00GB Free Space (Approximately)
15.00MB EFI (FAT-12/16/32) Primary Partition sda4

We will create a Logical Partition out of the Free Space without touching any of the other partitions and install Slackware on that Logical Partition.



Creating A Slackware USB Flash Disk Installer

This can be used to install Slackware to a netbook. What this does is create a bootable USB Flash Drive with all the packages needed for installation. You only need a 2Gb Flash Stick to create the installer including the packages.

NOTE - You will need an existing Slackware machine to create a USB Installation Stick!

On a Slackware Desktop, I started with a 4Gb Flash Disk plugged into a USB port. Open a Terminal and use the dmesg command to see the device name of your USB stick. My desktop hard drive is /dev/sda, so it makes sense that the USB stick would be /dev/sdb. When it shows up on your desktop, unmount it.

Download the script from /usb-and-pxe-installers directory on a Slackware 13.37 mirror or get the script from the DVD-ROM in the /extra directory.

You will need the Slackware 13.37 DVD for the next step. When I put the DVD-ROM into my drive, the File Manager opened it at the location /media/SlackDVD. Now, run the script, giving it the location of the packages and the device name of your USB flash drive. The -f flag means format the USB stick and the -s flag means the slack directory where the packages are located. The messages below are similar to what you will see.

bash-4.1# sh ./ -f -s /media/SlackDVD -o /dev/sdb

# We are going to format and use this device - '/dev/sdb':
# Vendor : UDISK
# Model : PDU01_4G 8BI2.0
# Size : 3856 MB


# Disk /dev/sdb: 4043 MB, 4043309056 bytes
# 125 heads, 62 sectors/track, 1018 cylinders, total 7897088 sectors
# Units = sectors of 1 * 512 = 512 bytes
# Sector size (logical/physical): 512 bytes / 512 bytes
# I/O size (minimum/optimal): 512 bytes / 512 bytes
# Disk identifier: 0x0002ba2d

# Device Boot Start End Blocks Id System
# /dev/sdb1 * 62 7889499 3944719 c W95 FAT32 (LBA)

*** If this is the wrong drive, then press CONTROL-C now! ***
Or press ENTER to continue: <ENTER>
--- Formatting /dev/sdb with VFAT partition label 'USBSLACKINS'...
--- Last chance! Press CTRL-C to abort!
Or press ENTER to continue: <ENTER>
--- Available free space on the the USB drive is 3939804 KB
--- Required free space for installer: 31377 KB
--- Copying boot files to the USB drive...
--- Extracting Slackware initrd.img...
--- Modifying installer files...
--- Gzipping the initrd image again:
--- Copying Slackware package tree to the USB drive...
--- Cleaning up the staging area...
--- Making the USB drive '/dev/sdb' bootable...

To actually use it, you will need to change the BIOS on your netbook to be able to boot from a USB Device and/or hit ESC to select the USB Stick for booting.


Hit the ESC button when you are booting your netbook to get Boot Device Menu. Select the USB Stick so the Slackware Installer will boot. Now you should recognize the familiar Slackware Installer.

After logging in as root, fire up the cfdisk tool to partition your hard drive. The partition scheme I will use will be:

sda1 100.00GB NTFS Primary Partition (DO NOT TOUCH!)
sda2 15.00GB VFAT Primary Partition (DO NOT TOUCH!)
sda5 10.00GB Linux (For / partition)
sda6 2.00GB Linux swap (For swap space)
sda7 10.00GB Linux (For /tmp partition)
sda8 15.00GB Linux (For /usr partition)
sda9 81.00GB Linux (For /home partition)
sda4 15.00MB EFI (FAT-12/16/32) Primary Partition (DO NOT TOUCH!)

# cfdisk

Arrow-down to the Free Space section that has approximately 118GB, then create the partitions in this order:

1. Select [New] to create a new partition from the free space. Select [Logical]. Under Size (in MB), type 10240. Add the partition at the [Beginning] of free space.
2. Arrow-down and select [New] to create a new partition from the free space. Under Size (in MB), type 2048. Add the partition at the [Beginning] of free space. Arrow over to [Type] and select it. Change the partition type to 82 Linux swap.
3. Arrow-down and select [New] to create a new partition from the free space. Under Size (in MB), type 10240. Add the partition at the [Beginning] of free space.
4. Arrow-down and select [New] to create a new partition from the free space. Under Size (in MB), type 15360. Add the partition at the [Beginning] of free space.
5. Arrow-down and select [New] to create a new partition from the free space. Under Size (in MB), accept the value that is listed. This will be the remainder for our /home directory.

Now, look over your partition table and if it is correct, take a deep breath, arrow to the [Write] key and hit <ENTER> to write the partition table. You will be asked if you really want to write the partition table to disk? (yes or no) yes <ENTER>

Now arrow over to [Quit] and quit cfdisk. You might want to hit CTRL+ALT+DELETE to reboot your netbook and check that Windows still boots up. That way you won't spend your time installing Slackware only to find out you need to fix Windows.

You will now need to prepare the /home partition for encryption.


Source - README_CRYPT.TXT and README.initrd

The /home partition is sda9. If you want to fill the partition with random data (this will make it a lot harder for any forensics expert to determine where your encrypted data resides on that partition), you can do it with the following command:

# dd if=/dev/urandom of=/dev/sda9

The process will take a long time - depending on the size of your partition it may take hours or more. On one of my 160Gb SATA Drives, it took 48 hours (2 days!) for the drive to fill up with random data.

Prepare the partition for encryption. You will be asked twice to enter a passphrase. Note that a passphrase is not limited to a single word. The passphrase may contain spaces.

The first command below uses a key size of 256 bits with the default cipher 'aes' in mode 'cbc-essiv:sha256', which is safe enough. I also show what the command would look like using the Blowfish algorithm.

AES Algorithm 256-Bit Encryption

# cryptsetup -s 256 -y luksFormat /dev/sda9
# Enter LUKS Passphrase: <Enter_Passphrase_Here>
# Verify Passphrase: <Enter_Passphrase_Again>

Blowfish Algorithm 448-Bit Encryption

# cryptsetup -s 448 -y luksFormat -c blowfish /dev/sda9

This will overwrite data on /dev/sda9 irrevocably.
Are you sure? (Type uppercase yes): YES <ENTER>

# Enter LUKS Passphrase: <Enter_Passphrase_Here>
# Verify Passphrase: <Enter_Passphrase_Again>

You can check/dump information about the encrypted partition to your console by running the following command:

# cryptsetup luksDump /dev/sda9

Now we will 'open' the encrypted partition and let the devicemapper create a mapped block device. We will use the mapped device which behaves just like an ordinary disk partition when we get to the TARGET selection in 'setup'. The mapped device nodes will be created in the directory '/dev/mapper'. The command will ask you for the passphrase which you entered during the "luksFormat" operation. The last argument that the command takes is the name of the mapped device. We will call our mapped device 'crypthome' (any name will do). It will be available for use as the block device '/dev/mapper/crypthome'.

# cryptsetup luksOpen /dev/sda9 crypthome
# Enter Passphrase for /dev/sda9: <Enter_Passphrase_Here>

Now, start the 'setup' program and install Slackware. This is no different than a regular Slackware install except that: 1. The name of the target partition for /home will change and 2. After installation, but before rebooting, you will need to do some text editing to be sure your encrypted partition is available after reboot.

In setup, under "ADDSWAP", proceed as usual and configure a normal unencrypted swap partition, even if you want to have your swap encrypted. We will take care of swap encryption after the installation of Slackware finishes. In this example, the swap partition is /dev/sda6.

Please select a partition from the list to use for your root (/) Linux Partition.
/dev/sda5 formatted as ext4

Select other Linux partitions for /etc/fstab
/dev/sda7 formatted as ext4 with a mount point of /tmp

Select other Linux partitions for /etc/fstab
/dev/sda8 formatted as ext4 with a mount point of /usr

Select other Linux partitions for /etc/fstab
/dev/mapper/crypthome formatted as ext4 with a mount point of /home

NOTE - The underlying partition will also be visible in the target selection menu. In this case, it is /dev/sda9. Be very careful NOT to select this device for any other filesystem you wish to create, or you will destroy the data on the encrypted partition.

Select --- (done adding partitions, continue with setup)

FAT or NTFS Partitions Detected
Partitions of type FAT or NTFS have been found on your system. Would you like to add these partitions to your /etc/fstab so that these partitions are visible from Linux?
<Yes> <ENTER>

Select partition to Add to /etc/fstab
/dev/sda1 NTFS

NOTE - I do not select /dev/sda2, which is a FAT32 partition since that is a recovery partition of some sort. Also /dev/sdb1 FAT32 shows up on this list, which is just your USB Flash Install disk.

Set Security for NTFS Partition

fmask=111,dmask=000 All users can read/write to any file (ntfs-3g)

Pick mount point for /dev/sda1


Select --- (done, continue with setup)

At the Source Media Selection section, you should see Option 6 Install from a pre-mounted directory highlighted. Click <OK> to continue. The directory /usbinstall/SlackDVD/slackware is already entered for you and just hit <OK>. At the Package Series Selection, I just hit <OK> <OK> to do the Full Installation, which will Install everything (6.5+GB of Software, RECOMMENDED!)

After the installation, you will need to make a USB Flash Boot Disk. Select

Create Make a USB Linux boot stick

You will see a message that says "No new USB device was detected. If you have already inserted your USB stick, please remove it now. Then select 'Restart'."

Click <Restart> and you will be back at Make USB Flash Boot menu. Insert the 1GB USB Flash Disk into another open USB Port on your netbook. Highlight "Create Make a USB Linux boot stick" and click <OK>. You should now see "New Device Detected" with the 1GB Flash Drive Specifications. If this is correct, select <Yes> to continue.

NOTE - If you have problems with the USB Disk being detected, you might want to try wiping the boot sector of the USB Flash Drive. See Below for details.

After the USB boot stick is created, you can continue with the Configuration of the System.

At the Install Lilo menu, select "skip Do not install LILO".

1. Mouse Configuration
2. GPM Configuration
3. Network Configuration
4. Confirm Startup Services to run
5. Console Font Configuration
6. Hardware Clock Configuration
7. Select Default Window Manager for X
8. Set the Root Password

Setup Complete.

At the end of the Slackware installation when you select "Exit", don't reboot just yet! We are going to create a configuration file for the cryptsetup program, called '/etc/crypttab'. This file contains the information cryptsetup needs for unlocking your encrypted volume and mapping it to the correct device name. The file '/etc/crypttab' contains lines of the format: "mappedname devicename password options". Since we are still inside the installer, the root filesystem of our fresh Slackware installation is still mounted under '/mnt'. For our example where we encrypted '/dev/sda9' and mapped the unlocked device to '/dev/mapper/crypthome', we need this single line in '/etc/crypttab':

crypthome /dev/sda9

So, we need to run the command:

# echo "crypthome /dev/sda9" > /mnt/etc/crypttab

in order to create the file with the required content (I am assuming here that the file did not yet exist; the above command will overwrite the data in the file should it have existed). You can of course also just start the 'vi' editor and add the above line. When the password is not listed in the crypttab file (listing it there is potentially very unsafe, of course), cryptsetup will ask you for the password when your computer boots.

Do not reboot yet!


Add the following line to the 'crypttab' file on your fresh installation of Slackware - the swap partition in this case is '/dev/sda6':

cryptswap /dev/sda6 none swap

You can use the 'vi' editor to add this line to '/mnt/etc/crypttab'. You can also choose to run the following command which adds that line to the end of the file:

# echo "cryptswap /dev/sda6 none swap" >> /mnt/etc/crypttab

We need to edit the 'fstab' file of your Slackware installation so that the correct device will be used for the swap after your computer reboots (the device '/dev/sda6' will no longer be useful, but '/dev/mapper/cryptswap' will). The line in '/mnt/etc/fstab' for your swap will look like this at first:

/dev/sda6 swap swap defaults 0 0

and you will have to change it so that it becomes like this:

/dev/mapper/cryptswap swap swap defaults 0 0

These two edits are sufficient. The above instructions assume that you edited the 'crypttab' file at the end of a Slackware installation, but in fact you can do this at any time. The Slackware boot-up process will take care of the rest. At shutdown of your Slackware, the encrypted swap partition will be reformatted as a normal unencrypted swap, so that any other OS-es you might be running in a multi-boot configuration will have no problems in using this swap partition as well.

NOTE - The swap partition is encrypted with a new randomly generated key every time your computer boots. There is no need to ever enter a passphrase!
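
Before rebooting, the crypttab and fstab edits above can be cross-checked against each other. The following is an added example, not part of the original post or of Slackware: the function name check_crypt_config, the helper make_sample and the sample file contents are assumptions constructed here. Inside the installer it would be called as "check_crypt_config /mnt".

```shell
#!/bin/sh
# check_crypt_config ROOT: compare ROOT/etc/crypttab with ROOT/etc/fstab.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_crypt_config() {
    ctab="$1/etc/crypttab"; ftab="$1/etc/fstab"; problems=0
    # crypttab fields: mappedname devicename password options
    while read -r name dev pass opts; do
        case $name in ''|'#'*) continue ;; esac
        if [ -n "$pass" ] && [ "$pass" != none ]; then
            echo "crypttab: $name stores a password in the file"; problems=1
        fi
        # The raw partition must not be listed in fstab any more.
        if grep -q "^${dev}[[:space:]]" "$ftab"; then
            echo "fstab: $dev is used directly, expected /dev/mapper/$name"
            problems=1
        fi
    done < "$ctab"
    # Every /dev/mapper/NAME in fstab needs a crypttab line that creates it.
    while read -r fsdev mnt rest; do
        case $fsdev in /dev/mapper/*) ;; *) continue ;; esac
        if ! grep -q "^${fsdev#/dev/mapper/}[[:space:]]" "$ctab"; then
            echo "fstab: $fsdev ($mnt) has no crypttab entry"; problems=1
        fi
    done < "$ftab"
    return "$problems"
}

# Constructed sample tree standing in for /mnt (not real installer output).
make_sample() {   # usage: make_sample DIR SWAP_DEVICE_IN_FSTAB
    mkdir -p "$1/etc"
    printf '%s\n' 'crypthome /dev/sda9' 'cryptswap /dev/sda6 none swap' \
        > "$1/etc/crypttab"
    printf '%s\n' "$2 swap swap defaults 0 0" \
        '/dev/sda5 / ext4 defaults 1 1' \
        '/dev/mapper/crypthome /home ext4 defaults 1 2' > "$1/etc/fstab"
}

demo=$(mktemp -d)
make_sample "$demo/before" /dev/sda6               # swap line not edited yet
make_sample "$demo/after" /dev/mapper/cryptswap    # swap line edited
check_crypt_config "$demo/before" || echo "=> fix this before rebooting"
check_crypt_config "$demo/after" && echo "=> crypttab and fstab agree"
rm -rf "$demo"
```
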

Now reboot your computer.


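Wiping the boot sector of a USB Flash Drive (for the NOTE above about the USB Disk not being detected). Here /dev/sdx stands for the device name of your flash drive; check it with dmesg first.

# dd if=/dev/zero of=/dev/sdx bs=512 count=1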